Abstract

As the prevalence of the Internet of Things (IoT) continues to increase, cyber criminals are quick to exploit the security gaps that many devices are inherently designed with. Whilst users can not be expected to tackle this threat alone, many current solutions available for network monitoring are simply not accessible or can be difficult to implement for the average user and is a gap that needs to be addressed. This paper presents an effective signature-based solution to monitor, analyse and detect potentially malicious traffic for IoT ecosystems in the typical home network environment by utilising passive network sniffing techniques and a cloud-application to monitor anomalous activity. The proposed solution focuses on two attack and propagation vectors leveraged by the infamous Mirai botnet, namely DNS and Telnet. Experimental evaluation demonstrates the proposed solution can detect 98.35% of malicious DNS traffic and 99.33% of Telnet traffic respectively; for an overall detection accuracy of 98.84%.